package com.example.filter;

import com.example.entity.MyHttpRequest;
import com.example.mapper.UserMapper;
import com.example.pojo.User;
import com.example.util.JwtUtil;
import com.example.util.SpringGetBeanUtil;
import io.jsonwebtoken.Claims;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMethod;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**判断权限是否满足的过滤器
 *
 * @email: pengyujun53@163.com
 * @author: peng_YuJun
 * @date: 2022/11/9
 * @time: 23:52
 */
@WebFilter
public class AuthorityFilter implements Filter {

    /**
     * 忽略拦截的名单
     */
    private String[] excludedUris;

    /**
     * 初始化
     * @param filterConfig
     * @throws ServletException
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        //初始，获取忽略拦截的名单
        String param = filterConfig.getInitParameter("excludedUris");
        if (StringUtils.hasText(param)) {
            this.excludedUris = param.split(",");
        }
    }

    @Override
    public void destroy() {

    }

    /**
     * 具体做拦截的部分
     * @param servletRequest
     * @param servletResponse
     * @param filterChain
     * @throws IOException
     * @throws ServletException
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse resp = (HttpServletResponse) servletResponse;
        resp.setCharacterEncoding("UTF-8");
        resp.setContentType("application/json");
        resp.setHeader("Access-Control-Allow-Origin", "*");
        resp.setHeader("Access-Control-Allow-Credentials", "true");
        resp.setHeader("Access-Control-Allow-Methods", "*");
        resp.setHeader("Access-Control-Allow-Headers", "Content-Type,Access-Token");
        resp.setHeader("Access-Control-Expose-Headers", "*");
        if (request.getMethod().equals(RequestMethod.OPTIONS.toString())){
            // 空请求
            return;
        }
        MyHttpRequest requestWrapper = new MyHttpRequest(request);

        // 定义表示变量 并验证用户请求URI 是否包含不过滤路径
        boolean flag = false;
        if (excludedUris!=null)
            for (String uri:excludedUris) {
                if (request.getRequestURI().contains(uri)){
                    flag = true;
                    break;
                }
            }

        if(!flag){ //不在忽略拦截名单上，需要拦截
            String token = request.getHeader("Authorization"); //取出token
            Claims claims = JwtUtil.parsePayload(token);  //解析token
            int uid = Integer.parseInt((String) claims.get("uid"));
            UserMapper userMapper = SpringGetBeanUtil.getBean(UserMapper.class);
            User user = userMapper.selectById(uid);

            // 可以写个鉴权程序

        }else { //在忽略拦截名单上，不需要拦截
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }
}